22 March 2020 (Version 1)
About this policy
How to contact us
What types of data we hold about you
How we obtain your data
What we use your data for
Who we disclose your data to
Where we process your data
Data security and preventing unauthorised access
Cookies that we use
Third Party Websites
Changes to this policy
Legal status of this policy
Meaning of words we use in this policy
1. About this policy
2. About us
We are a family ran Limited company registered in England and with company number 12179625, and our registered office is at 131 Percy Road, Twickenham, Whitton, London, England, United Kingdom, TW2 6HT.
3. How to contact us
To contact us, please write to our principal office at Faam Gallery, 131 Percy Road, Twickenham, Whitton, London, England, United Kingdom, TW2 6HT or e-mail us at email@example.com
4. What types of data we hold about you
The data and information we hold and process about you when opening an account or purchasing artwork(s) consists of the following:
a. Information about you:
Your contact details, including address, telephone, mobile, fax, own website, and e-mail.
Your account information, including each membership and other account you have registered for with us.
Your account log-in details, including username and password.
Your address book, including other shipping addresses that you provide.
b. Information relating to your orders
Your purchase transactions
Your purchase orders
Your payment information and payment history
Order delivery, fulfilment and returns information.
c. Your activity online
Your professional artist information, including, but not limited to personal details, galleries, portrait, biography, exhibitions, awards, tuition, media, and subjects.
Messages that you exchange with other members using any service provided by us.
Any other content that you supply.
d. Administration Information
Communications between you and us, including queries, problems, support, and survey responses, and including via e-mails, web-forms, and telephone.
e. Technical information when you visit our website
IP address (a unique identifier allocated to your computer for your connection to the internet).
Information relation to your use of our website, including where you visited our website from, and what pages you visit on our website.
5. How we obtain your data
We obtain your data through a variety of means, including:
a. Forms you fill in / data you provide.
From forms which you complete and submit on our website
From printed forms which you obtain from our website or us
Data we collect face-to-face, or by means of e-mail or telephone
b. Other information you supply
From the data, information and images you post, upload or otherwise provide to our website, including our forum.
From any other information you supply from time to time, including through telephone calls, emails and other communications between you and us.
From any information supplied by other users of our site and other customers.
c. Generated Information
From information generated by us as a result of dealings, transactions and communications with you, including supplying any goods or services to you, providing the functionality of our website, operating competitions, and dealing with queries, support requests and complaints.
d. Technical Information
From information which is automatically supplied by your web-browser when you visit our website.
From information recorded by our server when you view any page on our website.
6. Data uses
We use your data for the following operational purposes:
a. Operate and improve our website
To provide our website and its features and functionality.
To analyse the performance of and improve our website.
To keep you informed with status or other administrative notices.
b. Supply of goods and services
To perform each order from you for the supply of goods and services.
To collect payments due from you.
c. Provision of membership accounts
To provide, administer and manage your accounts and the associated services included in those accounts.
To collect payment of all account fees.
To pay commission on sales to artists.
d. General administration
To monitor our staff.
To communicate with you for administrative and support purposes.
To manage complaints, disputes and claims.
To enforce our contracts and terms and bring claims.
e. Marketing e-mails and communications
We will also use your data to send you marketing materials and newsletters relating to our website, products, services and events, but only where you have consented to this through the appropriate setting in our website whist filling forums, and you have not withdrawn your consent. You may change your consent by contacting us.
f. Data we hold on you is done so on our secure computer servers. We hold this data to ensure that we are able to manage your account and provide details to you on previous purchases and your account preferences. If you require us to remove this information, please see section 11.
7. Who we disclose your data to
a. Our contractors and supplier
Where we use third parties to provide or supply any part of our website or any goods, services, events, insurance or other things, or to enforce or administer any contracts or terms, then we may provide your data to them as reasonably required for those purposes, including to the artists from whom work is purchased from, delivery agents, payment processors, and insurers.
Your data may be held by them as data processor on our behalf, in which case we will remain the data controller, and your data will only be held and used by them on our behalf and in accordance with our instructions and this policy. Your data will also only be held or as long as it is required to undertake their services, after which time it will be securely removed from their systems.
In some cases, your data may need to be provided to them to be used by them for their own purposes, as data controller, where this is reasonably necessary, for the purposes of provision of any goods, services, insurance, event etc. by them. In such case, they should inform you separately that they are holding your data as data controller.
b. Legal requirements
We may supply your data to a government authority where required to comply with a legal requirement, for the administration of justice, or where reasonably required to protect your vital interests.
c. Claims handling
We may disclose your identity to any third party who is making any claim against us in relation to any of your data that you have posted or uploaded to our website, including where it is claimed to breach their rights or privacy.
8. Where we process your data
We and our suppliers normally store and process your data in the United Kingdom or in Iran.
9. Data security and preventing unauthorised access
a. Our security measures
We will take and use reasonable endeavours to ensure our suppliers take all reasonable steps and implement all reasonable measures, to keep your data secure and prevent unauthorised access to your data and to prevent accidental loss or damage to your data.
b. Your passwords
You are responsible for keeping your username and password log-in details confidential and we would ask you not to share them with anyone.
c. Information Security Policy
All employees are responsible for ensuring confidentiality of sensitive information. Faam Gallery recognises the importance of information security. The primary purpose of our information security is the protection of services to members and customers, and the customer information we are supplied with. It is the company’s aim to ensure that customers have confidence in our information security and are safe in the knowledge that we are responsive to their security concerns.
Faam Gallery will adhere to all the requirements of PCI DSS in protecting customer card details. Everyone within Faam Gallery has an important role to play and each member of staff has their own specific tasks and responsibilities. We expect our core behaviour of professionalism and customer focus to be reflected in our protection of customer information. We support staff efforts to secure information through policies, and staff training and awareness activities.
This policy is subject to review annually to ensure that at a strategic level it addresses the evolving information security threats and objectives needed for the organisation to be successful.
d. Payment Card Security
Faam Gallery process payment cards through Wix Payment Page verified by SSL secure shopping. The addressed payment provider works with payment gateways that offer the highest level of security certification (PCI DSS Level 1).
10. Cookies that we use
11. Your rights
a. Access to your data
You can see most of your data through your account web pages when logged in on our website. Under the Data Protection Act 1998 and General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), you are entitled to a copy of all personal data we hold about you. If you would like to exercise this right, please contact us via email at firstname.lastname@example.org, requesting a Subject Access Request Form.
b. Your right to stop marketing messages
If we are sending you marketing literature (including paper-based and electronic messages), you have the right to ask us to stop doing this. Please contact us using our contact details above.
c. Your right to stop use causing distress
You have the right to ask us to stop using any data for any purpose where that purpose is causing you substantial distress. If you have any concerns regarding our use of your data, please contact us using our contact details in this policy.
d. Your right to alter inaccurate data
You are entitled to ask us to change, erase, block or modify any inaccuracies in your personal data, by contacting us using our contact details above. We will respond to these requests within one month. In most cases you can do this yourself though your account web pages on our website, which let you change and update your data.
e. Your right to revoke consent at any time
You have the right to withdraw consent for us to use your data at any time. If this withdrawal means we are not able to provide a service to you, we will advise of this at the time of withdrawal.
f. Your right to erasure
If you wish to have all of your data that is held by Faam Gallery erased, you should contact us on the details above, to which we will respond within one month.
12. Third-Party Websites
13. Changes to this policy
14. Legal status of this policy
15. Meaning of words we use in this policy
In this policy:
personal data means any of your data which constitutes personal data under the Data Protection Act 1998 or General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679), and in relation to which you are the data subject.
we, our and us means Faam Gallery, trading as Faam Gallery Ltd.
you and your means you our guest, visitor, customer or member, including anyone who visits our website, registers for an account with us, purchases anything from us, uses our website forum, enters any competition through our website, registers for a professional account and becomes a full member of ours, any affiliated club and its members and any regional co-ordinator.
your data means all data and information which you supply, or we otherwise hold, obtain, generate or process in relation to you from time to time, as further detailed in this policy.
service means any service provided by us, whether free or paid-for, including our website any service, feature or functionality of our website.
website means our internet website whose address is https://www.faamgallery.com and any additional or replacement website from time to time that we operate.